Shock: Another Zeus Hack!

An insurance firm in Michigan lost nearly $150,000 this month as a result of a single computer virus infection, reports Brian Krebs. The 'single computer infection' bit should of course be taken with a few grains of salt.

United Shortline Insurance of Port Austin, Michigan discovered on 5 February that their controller's PC was behaving oddly. Considering it was a PC and PCs are ordinarily very odd anyway, that must have really been something.

United Shortline's computer technician used multiple security tools to scour the odd system and concluded that it had been invaded by - you guessed it - that great Greek god Zeus.

[Uh just a question: why did the 'computer technician' wait until after the fact to inspect the corporate systems he was responsible for? Is this 'computer technician' the very same one who once went on the line and declared PCs were OK security-wise? Just asking.]

Tinkerbell

The plot thickens. United Shortline Insurance received a call from Tinker Federal Credit Union at the Tinker USAF base in Oklahoma three days later. They'd noticed a funky transaction for - you guessed it again - just under $10,000.

It was at this point United Shortline Insurance kicked into high gear. Performing a new security scan, they discovered 15 (fifteen) funky transactions, all to recipients with no connection to USI.

Shock!

'OMG someone's just taken all of the money out of our trust account!!1!', said USI president Louis Schillinger who was rushed to Bill Gates Memorial Hospital, suffering from shock.

Mules presumably moved the money out of the country.

'The bank said whoever logged in to make these transfers successfully answered those questions', said Schillinger from his Bill Gates Memorial Hospital bed. 'How could they do that?'

'And this is all information I don't even have written down anywhere!!1!'

[Ah. So a few more revelations. Schillinger's own account was hacked. And as he's prepared to swear on a stack of Mercks and Sanfords he'd never written any of that down, the hackers must have refined their branch of Zeus to be able to read the confused minds of bewildered CEOs.]

Oh Happy Day

Schillinger reports now that people at Bay Port State Bank have been able to recover just over half the money lost.

Oh happy day.

But Schillinger admits he is still in shock - and that several members of his staff and staff at Bay Port State Bank are also in shock. Trolleys (gurneys) are reportedly lining the corridors at Bill Gates Memorial Hospital.

In a moment of unusually painful delirium (that also caused a temporary grammatical lapse) Schillinger told the media:

'Both my bank and us are looking at each other, asking what could we have done differently to prevent it?'

No word yet from the hospital if Schillinger will ever be released.

Eichler

'Bay Port State Bank president Ed Eichler said they moved quickly to stop and reverse the transactions as soon as they got the call from United', reports Krebs. 'But Eichler said the bank will be reviewing their processes to figure out how to spot this type of activity more quickly in the future.'

[Uh - as Zeus only attacks Windows jalopies, how about just looking for Windows? That should take care of the worst of it - no?]
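Eichler's stated goal, spotting this kind of activity faster, does lend itself to a plain rule: the story describes a burst of transfers to recipients the account had never paid, each kept just under $10,000. The following is an added example and not anything from the Krebs report or the banks involved; the account name, payees, amounts and timestamps are all constructed.

```python
"""Toy burst rule modelled on the story's pattern: several payments to never-before-paid
recipients, each kept just under $10,000, within a short window. Records are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Transfer:
    account: str
    payee: str
    amount: float
    when: datetime

# Constructed baseline of payees this account has paid before (payroll, a vendor).
KNOWN_PAYEES = {"trust-001": {"payroll-svc", "office-supply-co"}}

def flag_transfers(transfers, known_payees, threshold=10_000.0, margin=0.05,
                   window=timedelta(hours=24), burst=3):
    """Return, in time order, transfers belonging to a run of >= `burst` payments within
    `window`, each to an unknown payee with amount in [threshold*(1-margin), threshold)."""
    by_account = defaultdict(list)
    for t in sorted(transfers, key=lambda t: t.when):
        by_account[t.account].append(t)
    flagged = set()
    for account, rows in by_account.items():
        known = known_payees.get(account, set())
        # Individually suspicious: new payee AND amount kept just under the threshold.
        suspicious = [t for t in rows
                      if t.payee not in known
                      and threshold * (1 - margin) <= t.amount < threshold]
        # Only a cluster inside one window is reported; a single near-threshold payment
        # to a new vendor is ordinary business and stays quiet.
        for t in suspicious:
            in_window = [u for u in suspicious if t.when <= u.when < t.when + window]
            if len(in_window) >= burst:
                flagged.update(in_window)
    return sorted(flagged, key=lambda t: t.when)

BASE = datetime(2010, 2, 5, 9, 0)  # constructed timestamps
SAMPLE = [
    Transfer("trust-001", "payroll-svc", 24_310.00, BASE),                       # routine
    Transfer("trust-001", "office-supply-co", 412.18, BASE + timedelta(hours=1)),
    Transfer("trust-001", "j-doe-8812", 9_870.00, BASE + timedelta(hours=2)),    # burst begins
    Transfer("trust-001", "a-smith-2201", 9_910.00, BASE + timedelta(hours=3)),
    Transfer("trust-001", "r-lee-0917", 9_750.00, BASE + timedelta(hours=4)),
    Transfer("trust-001", "m-kim-4455", 9_990.00, BASE + timedelta(hours=5)),
    Transfer("trust-001", "new-vendor-llc", 2_500.00, BASE + timedelta(days=3)),  # new payee, normal amount
    Transfer("trust-001", "t-ng-3131", 9_800.00, BASE + timedelta(days=10)),     # isolated, not a burst
]
```

Calling `flag_transfers(SAMPLE, KNOWN_PAYEES)` returns the four same-day transfers to unknown payees and leaves both the normal-sized payment to a new vendor and the lone near-threshold payment ten days later unflagged.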

Schillinger isn't the only one with his head in the sand either. His buddy Ed Eichler's dug even deeper. To wit:

'We haven't had this happen before.'

And:

'Before it was a story problem, and now it's a real life problem.'

Finally:

'You can do all the training on this you want to, but most of that doesn't matter until this goes to something that's actually happened to you that you can put your hands on.'

[You put your hands on it now, Ed. Hold on tight.]

What the Big Banks Say

Eichler said he contacted colleagues at a much larger bank and was told that recovering 50% is actually pretty good.

Ah. So it's happened to others as well? O RLY? Wow. Now hold on. Hark to the words of security wisdom from his friends at the 'big banks'. And keep in mind that in these days of Microsoft Windows' heightened security, Eichler's never before discussed this with any of his colleagues. Never. That's security for you.

'The big banks told us to go to bed and get over it. They told us they write off more than that every day.'

[So this type of thing happens all the time, and it's even bigger than Eichler thought, and the advice is to go to bed and get over it?]

Shock Shock Everywhere!

It's not just staff at USI and Bay Port that are in shock. The hobby security enthusiasts at Krebs' site are in shock too.

Krebs of course advises not using Windows for stuff like going online, and absolutely not for banking or anything more critical than Minesweeper or Notepad.

'As I've advised previously, companies can insulate themselves from these attacks by simply using a dedicated machine for online banking.'

[Good advice. Then they can keep all those Windows machines, preferably leave them unconnected and turned off, and all will be well in Denmark.]

'This may take the form of an inexpensive Windows netbook or laptop, for example, that is locked down, and used only for accessing the bank's Web (and not for e-mail, casual browsing, etc).'

[Uh OK...]

'Alternatively, since 99.9 percent of all malware simply fails to load on non-Microsoft computers, using something other than Windows for online banking - such as a Mac or a Live CD solution - also is a very sound approach.'

[Uh yeah. Exactly. Brian truncated a few 9s on the right of the decimal in that percentage but still and all. But now look to the comments.]

Egyptian Irrigation System!

Comments on the above story at Krebs on Security.

'Three times is emphasis. Why emphasise Korea?'

An 'awareness survey' of bank staff would be interesting.

Dedicated PCs or LiveCDs are good ideas but how about not doing Internet banking at all?

'Mac is great, but everyone always complains about something not working like Excel macros.'

'Banks have to accept that they are going to be doing business with malware infected customers and act accordingly.'

'Of course a dedicated Mac would be the smartest alternative, but it's only a matter of time before that platform becomes susceptible as well.'

'What deters me from trying Linux is I think I'll have to replace my existing software modem with a hardware one and just for banking? I don't know.'

Denial's a bitch. Krebs' followers have to be the dumbest in the world to not even believe what he himself tells them.